make builds, actually build plugin that works
parent
7bc47f6a9c
commit
6589a35aa7
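--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 coverage.*
+dist/*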
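--- a/.milpa/commands/joao/release/build.sh
+++ b/.milpa/commands/joao/release/build.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+platforms=(
+linux/amd64
+linux/arm64
+linux/arm
+linux/mips
+darwin/arm64
+darwin/amd64
+)
+root=$(dirname "$MILPA_COMMAND_REPO")
+cd "$root" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
+
+@milpa.log info "Starting build for version $MILPA_ARG_VERSION"
+
+for platform in "${platforms[@]}"; do
+@milpa.log info "building for $platform"
+os="${platform%%/*}"
+arch="${platform##*/}"
+base="dist/$os-$arch"
+mkdir -p "$base" || @milpa.fail "Could not create dist dir"
+GOOS="$os" GOARCH="$arch" go build -ldflags "-s -w -X git.rob.mx/nidito/joao/pkg/version.Version=$MILPA_ARG_VERSION" -trimpath -o "$base/joao"
+@milpa.log success "built for $platform"
+
+package="$root/dist/joao-$os-$arch.tgz"
+@milpa.log info "archiving to $package"
+(cd "$base" && tar -czf "$MILPA_REPO_ROOT$package" joao) || @milpa.fail "Could not archive $package"
+rm -rf "$base"
+@milpa.log success "archived $package"
+done
+
+@milpa.log info "uploading to cdn"
+rclone sync --s3-acl=public-read \
+"$root/dist/" \
+"cdn:cdn.rob.mx/tools/joao/$MILPA_ARG_VERSION/" || @milpa.fail "could not upload to CDN"
+@milpa.log complete "release for $MILPA_ARG_VERSION available at CDN"
+rm -rf dist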
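Review bot: The `go build` line in the platform loop has no failure check, unlike the `mkdir` and `tar` lines next to it, so a failed compile is still logged as built; if a `joao` binary from an aborted earlier run is still in `dist/$os-$arch`, it gets archived and published under the new version. Add `|| @milpa.fail "build failed for $platform"` to that line and clear `dist` before the loop rather than only at the end. The `tar` target `"$MILPA_REPO_ROOT$package"` prepends a second root to a `$package` that already starts with `$root`, which only resolves if `MILPA_REPO_ROOT` is empty; probably `"$package"` was meant. The archives are synced with a public-read ACL and nothing to verify them against; writing a `SHA256SUMS` file into `dist` before the `rclone sync` would give downloaders a published digest to compare with.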
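--- a/.milpa/commands/joao/release/build.yaml
+++ b/.milpa/commands/joao/release/build.yaml
@@ -0,0 +1,10 @@
+summary: Packages and joao for release
+description: |
+Creates a folder, by default `dist` with `joao-$os-$arch.tgz`, the packaged joao executable, for all supported platforms.
+arguments:
+- name: version
+description: The semver number to build
+required: true
+values:
+script: git tag -l
+suggest-only: true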
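Review bot: `suggest-only: true` on the `version` argument means, as I read it, that values outside the `git tag -l` output are still accepted, while build.sh interpolates the value into the linker flags and into the `rclone sync` destination prefix. For a command that publishes public artifacts, dropping `suggest-only` (or having the script check that the tag exists) would keep an untagged or malformed version from being built and synced. The summary also reads "Packages and joao for release", where "Packages joao for release" was presumably intended.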
@ -2,7 +2,7 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
# Copyright © 2021 Roberto Hidalgo <joao@un.rob.mx>
|
# Copyright © 2021 Roberto Hidalgo <joao@un.rob.mx>
|
||||||
|
|
||||||
cd "$MILPA_REPO_ROOT" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
|
cd "$(dirname "$MILPA_COMMAND_REPO")" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
|
||||||
@milpa.log info "Running unit tests"
|
@milpa.log info "Running unit tests"
|
||||||
args=()
|
args=()
|
||||||
after_run=complete
|
after_run=complete
|
||||||
|
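Review bot: The failure message on the changed `cd` line still prints `$MILPA_REPO_ROOT`, although the directory now comes from `$(dirname "$MILPA_COMMAND_REPO")`, so a failed `cd` would report a path that was never tried. Compute the target once and reuse it: `root="$(dirname "$MILPA_COMMAND_REPO")"` followed by `cd "$root" || @milpa.fail "could not cd into $root"`. The new release/build.sh has the same mismatch on its `cd "$root"` line. The script continues outside this hunk.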
@ -29,7 +29,7 @@ joao diff [--cache] PATH
|
|||||||
joao git-filter
|
joao git-filter
|
||||||
|
|
||||||
# show information on the vault integration
|
# show information on the vault integration
|
||||||
joao vault server --help
|
joao vault-plugin --help
|
||||||
```
|
```
|
||||||
|
|
||||||
## Why
|
## Why
|
||||||
|
@ -70,7 +70,7 @@ git config filter.joao.smudge cat
|
|||||||
# let's enforce these filters
|
# let's enforce these filters
|
||||||
git config filter.joao.required true
|
git config filter.joao.required true
|
||||||
|
|
||||||
# optionally, configure a diff filter to show changes as would be commited to git
|
# optionally, configure a diff filter to show changes as would be committed to git
|
||||||
# this does not modify the original file on disk
|
# this does not modify the original file on disk
|
||||||
git config diff.joao.textconv "joao git-filter diff"
|
git config diff.joao.textconv "joao git-filter diff"
|
||||||
﹅﹅﹅
|
﹅﹅﹅
|
||||||
|
@ -3,6 +3,8 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"os"
|
||||||
|
|
||||||
"git.rob.mx/nidito/chinampa/pkg/command"
|
"git.rob.mx/nidito/chinampa/pkg/command"
|
||||||
"git.rob.mx/nidito/joao/internal/vault"
|
"git.rob.mx/nidito/joao/internal/vault"
|
||||||
"github.com/hashicorp/vault/api"
|
"github.com/hashicorp/vault/api"
|
||||||
@ -10,11 +12,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var Plugin = &command.Command{
|
var Plugin = &command.Command{
|
||||||
Path: []string{"vault", "server"},
|
Path: []string{"vault-plugin"},
|
||||||
Summary: "Starts a vault-joao-plugin server",
|
Summary: "Starts a vault-joao-plugin server",
|
||||||
Description: `Runs ﹅joao﹅ as a vault plugin.
|
Description: `﹅joao﹅ can run as a plugin to Hashicorp Vault, and make whole configuration entries available—secrets and all—through the Vault API.
|
||||||
|
|
||||||
You'll need to install ﹅joao﹅ in the machine running ﹅vault﹅ to ﹅plugin_directory﹅ as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only.
|
To install, download ﹅joao﹅ to the machine running ﹅vault﹅ at the ﹅plugin_directory﹅, as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only.
|
||||||
|
|
||||||
### Configuration
|
### Configuration
|
||||||
﹅﹅﹅sh
|
﹅﹅﹅sh
|
||||||
@ -24,14 +26,14 @@ export PLUGIN_SHA="$(openssl dgst -sha256 -hex "$VAULT_PLUGIN_DIR/joao" | awk '{
|
|||||||
export VERSION="$($VAULT_PLUGIN_DIR/joao --version)"
|
export VERSION="$($VAULT_PLUGIN_DIR/joao --version)"
|
||||||
|
|
||||||
# register
|
# register
|
||||||
vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault,server" -version="$VERSION" secret joao
|
vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault-plugin" -version="$VERSION" secret joao
|
||||||
|
|
||||||
# configure, add ﹅vault﹅ to set a default vault for querying
|
# configure, add ﹅vault﹅ to set a default vault for querying
|
||||||
vault write config/1password "host=$OP_CONNECT_HOST" "token=$OP_CONNECT_TOKEN" # vault=my-default-vault
|
vault write config/1password "host=$OP_CONNECT_HOST" "token=$OP_CONNECT_TOKEN" # vault=my-default-vault
|
||||||
|
|
||||||
if !vault plugin list secret | grep -c -m1 '^joao ' >/dev/null; then
|
if !(vault plugin list secret | grep -c -m1 '^joao ' >/dev/null); then
|
||||||
# first time, let's enable the secrets backend
|
# first time, let's enable the secrets backend
|
||||||
vault secrets enable --path=config joao
|
vault secrets enable -path=config joao
|
||||||
else
|
else
|
||||||
# updating from a previous version
|
# updating from a previous version
|
||||||
vault secrets tune -plugin-version="$VERSION" config/
|
vault secrets tune -plugin-version="$VERSION" config/
|
||||||
@ -57,39 +59,25 @@ See:
|
|||||||
- https://developer.hashicorp.com/vault/docs/plugins
|
- https://developer.hashicorp.com/vault/docs/plugins
|
||||||
`,
|
`,
|
||||||
Options: command.Options{
|
Options: command.Options{
|
||||||
"ca-cert": {
|
"sigh0": {
|
||||||
Type: command.ValueTypeString,
|
ShortName: "c",
|
||||||
Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
|
Default: "",
|
||||||
},
|
},
|
||||||
"ca-path": {
|
"sigh1": {
|
||||||
Type: command.ValueTypeString,
|
ShortName: "t",
|
||||||
Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
|
Default: "",
|
||||||
},
|
|
||||||
"client-cert": {
|
|
||||||
Type: command.ValueTypeString,
|
|
||||||
Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
|
|
||||||
},
|
|
||||||
"client-key": {
|
|
||||||
Type: command.ValueTypeString,
|
|
||||||
Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
|
|
||||||
},
|
|
||||||
"tls-skip-verify": {
|
|
||||||
Type: command.ValueTypeBoolean,
|
|
||||||
Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
|
|
||||||
Default: false,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Action: func(cmd *command.Command) error {
|
Action: func(cmd *command.Command) error {
|
||||||
|
apiClientMeta := &api.PluginAPIClientMeta{}
|
||||||
|
flags := apiClientMeta.FlagSet()
|
||||||
|
flags.Parse(os.Args[2:])
|
||||||
|
|
||||||
|
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||||
|
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||||
return plugin.ServeMultiplex(&plugin.ServeOpts{
|
return plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||||
BackendFactoryFunc: vault.Factory,
|
BackendFactoryFunc: vault.Factory,
|
||||||
TLSProviderFunc: api.VaultPluginTLSProvider(&api.TLSConfig{
|
TLSProviderFunc: tlsProviderFunc,
|
||||||
CACert: cmd.Options["ca-cert"].ToString(),
|
|
||||||
CAPath: cmd.Options["ca-path"].ToString(),
|
|
||||||
ClientCert: cmd.Options["client-cert"].ToString(),
|
|
||||||
ClientKey: cmd.Options["client-key"].ToString(),
|
|
||||||
TLSServerName: "",
|
|
||||||
Insecure: cmd.Options["tls-skip-verify"].ToValue().(bool),
|
|
||||||
}),
|
|
||||||
})
|
})
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
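Review bot: In the new `Action`, the result of `flags.Parse(os.Args[2:])` is discarded, so arguments that fail to parse leave `apiClientMeta` at its defaults and the plugin still starts serving with whatever TLS configuration that yields. Return the error instead: `if err := flags.Parse(os.Args[2:]); err != nil { return err }`. The `os.Args[2:]` offset assumes the subcommand is exactly one word, which matches the new `vault-plugin` path but would silently break if the path changed again; a comment stating that dependency would help. The replacement options `sigh0` and `sigh1` carry only a short name and an empty default, so they look like placeholders; a comment saying why they must exist would save the next reader from removing them. The rest of the file lies outside the visible hunks.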
4
go.mod
4
go.mod
@ -10,7 +10,7 @@ require (
|
|||||||
github.com/alessio/shellescape v1.4.1
|
github.com/alessio/shellescape v1.4.1
|
||||||
github.com/hashicorp/go-hclog v1.4.0
|
github.com/hashicorp/go-hclog v1.4.0
|
||||||
github.com/hashicorp/vault/api v1.8.2
|
github.com/hashicorp/vault/api v1.8.2
|
||||||
github.com/hashicorp/vault/sdk v0.6.2
|
github.com/hashicorp/vault/sdk v0.7.0
|
||||||
github.com/jellydator/ttlcache/v3 v3.0.1
|
github.com/jellydator/ttlcache/v3 v3.0.1
|
||||||
github.com/sirupsen/logrus v1.9.0
|
github.com/sirupsen/logrus v1.9.0
|
||||||
github.com/spf13/cobra v1.6.1
|
github.com/spf13/cobra v1.6.1
|
||||||
@ -86,7 +86,7 @@ require (
|
|||||||
golang.org/x/term v0.4.0 // indirect
|
golang.org/x/term v0.4.0 // indirect
|
||||||
golang.org/x/text v0.6.0 // indirect
|
golang.org/x/text v0.6.0 // indirect
|
||||||
golang.org/x/time v0.3.0 // indirect
|
golang.org/x/time v0.3.0 // indirect
|
||||||
google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
|
google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 // indirect
|
||||||
google.golang.org/grpc v1.52.0 // indirect
|
google.golang.org/grpc v1.52.0 // indirect
|
||||||
google.golang.org/protobuf v1.28.1 // indirect
|
google.golang.org/protobuf v1.28.1 // indirect
|
||||||
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
|
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
|
||||||
|
8
go.sum
8
go.sum
@ -134,8 +134,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
|||||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||||
github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
|
github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
|
||||||
github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
|
github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
|
||||||
github.com/hashicorp/vault/sdk v0.6.2 h1:LtWXUM+WheM5T8pOO/6nOTiFwnE+4y3bPztFf15Oz24=
|
github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
|
||||||
github.com/hashicorp/vault/sdk v0.6.2/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
|
github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
|
||||||
github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
|
github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
|
||||||
github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
|
github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
|
||||||
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
||||||
@ -356,8 +356,8 @@ gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJ
|
|||||||
gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
|
gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
|
||||||
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
|
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
|
||||||
gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
|
gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
|
||||||
google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
|
google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 h1:wJT65XLOzhpSPCdAmmKfz94SlmnQzDzjm3Cj9k3fsXY=
|
||||||
google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
|
google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
|
||||||
google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
|
google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
|
||||||
google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
|
google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
|
||||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
||||||
|
@ -66,7 +66,7 @@ func Backend() *backend {
|
|||||||
}
|
}
|
||||||
|
|
||||||
b.Backend = &framework.Backend{
|
b.Backend = &framework.Backend{
|
||||||
BackendType: logical.TypeCredential,
|
BackendType: logical.TypeLogical,
|
||||||
Help: "joao reads configuration entries from 1Password Connect",
|
Help: "joao reads configuration entries from 1Password Connect",
|
||||||
PathsSpecial: &logical.Paths{
|
PathsSpecial: &logical.Paths{
|
||||||
SealWrapStorage: []string{
|
SealWrapStorage: []string{
|
||||||
|
@ -197,7 +197,6 @@ func (cfg *Config) DiffRemote(path string, stdout io.Writer, stderr io.Writer) e
|
|||||||
if diff.ProcessState.ExitCode() == 1 {
|
if diff.ProcessState.ExitCode() == 1 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
return fmt.Errorf("diff could not run: %w", err)
|
return fmt.Errorf("diff could not run: %w", err)
|
||||||
}
|
}
|
||||||
|